".htaccess" tips and tricks

By using .htaccess files, we can control access to our web content by allowing/blocking certain user or ip addresses to access.

You may ask why do we need that, if you can do the same by using options like “order, limit” to restrict ip addresses and user actions in httpd.conf.

Fair enough, but there is some limitations.

Given below example:

1) Let say you are a system administrator in ABC company and your company have a few branches over the world. All these branches located in Malaysia, Singapore, Taiwan and China. And each branches will have their own web directories to store all the documents.

Each branches office have a static ip and domain name

Malaysia    1.2.3.4        www.abc.my

Singapore    2.3.4.5        www.abc.sg

Taiwan        3.4.5.6        www.abc.tw

China        4.5.6.7        www.abc.cn

Scenario 1:

You boss came to you and ask whether you could restrict all the web directories, that only allow all the branches access, public user shouldn’t be able to view or access to it.  Well, it’s easy , you just need to change the httpd.conf

httpd.conf

AllowOverride None Options AuthConfig # Allow use of the authorization directives

Order deny,allow

deny from all

allow 1.2.3.4

allow 2.3.4.5

allow 3.4.5.6

allow 4.5.6.7

Scenario 2:

But, in the same time , he wants to access all these directories from his house, which using dial up connection and doesn’t have a static ip address.

Either you advice him to apply a fix line or ask him to register dynamic dns, definitely your boss will not like it.

So the best solution is to control the web content with valid ‘username’ and ‘passwd’,

Simply create a .htaccess in protect folder and add the following lines

Options  Indexes #to enable directory listing

AuthName     “Password Protected by .htaccess“ #Message that prompt when asking for username and password

Authtype     Basic

AuthUserFile /usr/local/apache2/passwd #password file location

require user boss #username boss

satisfy any #either u r using malaysia,china,singapore n taiwan ip or u have a valid username and password, then u can view and access this directory

if ‘satisfy all’, mean you must have one of the country ip and have to provide valid username and password in order to access.

Generate username and password file

htpasswd -c /usr/local/apache2/passwd boss

-c is to create new passwd file, if u want to use back the existing password file

htpasswd /usr/local/apache2/passwd boss2

Done. It would be easier and provide more flexibility rather than changing the httpd.conf file and restart the webserver to apply the change.

• No Related Posts